UPDATE: OWASP Dependency-Check 3.1.2

My first post about this open source OWASP project was about an older version. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is the OWASP Dependency-Check 3.1.2! Most importantly NVD urls were updated. Earlier, they used to point to https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-modified.xml.gz, which no longer works as the updated location is https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-modified.xml.gz.

What is OWASP Dependency-Check?

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies. It can currently be used to scan Java and .NET applications to identify the use of known vulnerable components with experimental analyzers for Python, Ruby, PHP (composer), and Node.js applications. Additionally, OWASP Dependency-Check has experimental analyzers that can be used to scan some C/C++ source code, including OpenSSL source code and projects that use Autoconf or CMake.

OWASP Dependency-Check 3.1.2 Changelog:

Bug fixes

Updated the NVD URLs

Add project references to the JSON and XML report; in aggregate scans using Maven or Gradle the dependencies will include a reference to the project/module where they were found

The configuration option versionCheckEnabled was added to Maven to allow users to disable the check for new versions of dependency-check; this will be added to gradle plugin, Ant Task, and the CLI in a future release

The XML and JSON reports were fixed so that the correct version number is displayed see issue #1109

Featured Post

Kali Linux 2019.1 is the latest Kali Linux release. This is the first 2019 release, which comes after Kali Linux 2018.4, that was made available in the month of October. This new release includes all patches, fixes, updates, and improvements since the last release – Kali Linux 2018.3, including a shiny new Linux kernel versionRead more about UPDATE: Kali Linux 2019.1 Release!